Virgent AI

Security and Trust

This page describes our current security posture and compliance status. We publish this information so clients can evaluate controls with clear and accurate language.

Current Compliance Status

We do not currently claim SOC 2 attestation. We also do not display an official SOC 2 badge at this time.

Current Security Controls

  • Role-based access controls and least-privilege permissions
  • Encryption in transit and at rest through core service providers
  • Change management through version-controlled development workflows
  • System monitoring and operational logging for incident investigation
  • Vendor and service provider review before handling sensitive workloads

Security Review Requests

For security questionnaires, architecture reviews, or procurement requests, email hello@virgent.ai. We can provide the latest policy and control details for active opportunities.

What We Need Ourselves as a Services Company

As a services-first company, we do not need to claim a certification to help clients achieve theirs. We maintain practical internal controls and align our compliance work to client requirements and contract obligations.

  • Core baseline controls for our operations: access control, encryption, logging, incident response, and vendor review
  • Contract alignment for each engagement, including confidentiality, data handling, and security responsibilities
  • No claim of certification or badge unless an independent attestation has been completed

When We Should Pursue Our Own SOC 2

  • Clients require it in procurement or master service agreement terms
  • We directly host or operate client-sensitive workloads at scale
  • Enterprise pipeline friction from missing attestation exceeds audit cost and effort

If We Pursue SOC 2 Later

  1. Define scope across systems, data flows, and in-scope vendors
  2. Select Trust Services Criteria and control objectives
  3. Implement and validate required administrative and technical controls
  4. Run a readiness gap assessment and remediate findings
  5. Collect operating evidence for a Type II observation window
  6. Engage an independent CPA firm for attestation
  7. Publish attestation access and approved badge assets after completion

How to Earn SOC 1 or SOC 2 (Outside This Repo)

Getting a SOC report is primarily an operations, legal, and audit program. Code changes help, but most work happens in governance, policy, evidence, and control operations.

  • SOC 1 is for controls that impact customer financial reporting. Choose SOC 1 only if your services affect financial statement processes.
  • SOC 2 is for security and trust controls across technology services. Most B2B SaaS and AI service companies pursue SOC 2.
  • Establish legal and governance foundations: data processing agreements, vendor terms, incident response authority, and policy ownership.
  • Build the required policy set: access control, change management, logging and monitoring, vulnerability management, business continuity, and incident response.
  • Assign control owners and define an evidence cadence for each control, then collect evidence continuously.
  • Perform a readiness assessment, remediate gaps, then enter an audit window with a licensed CPA audit firm.
  • Complete attestation, then publish the report access workflow and approved badge assets after the final opinion.

Other Common Compliance Paths

Many teams pair SOC 2 with additional frameworks based on industry and customer requirements.

  • ISO 27001: Information security management system certification with formal risk treatment and internal audit cycles.
  • HIPAA: Administrative, technical, and physical safeguards with business associate agreements and workforce controls.
  • PCI DSS: Required for cardholder data environments, with strict segmentation and payment security controls.
  • GDPR and privacy programs: Data mapping, lawful basis, retention controls, and data subject rights workflows.
  • NIST and federal readiness (for example NIST 800-171, CMMC, FedRAMP-related baselines): control inheritance, SSP documentation, and continuous monitoring.

How We Help Clients

We have the talent to help customers prepare for SOC 2 and related compliance outcomes. Our team supports control design, architecture hardening, evidence pipelines, readiness assessments, and audit preparation so programs can move from policy to operational reality.

Badge Publication Policy

We only publish an official SOC 2 badge after independent attestation is complete and approved badge assets are available from the auditor or trust platform. Until then, this page remains the source of truth for current status.

Legal Consistency

This page is aligned with our Privacy Policy and Terms of Service. If a statement changes, we update all pages together.
